Necurs is a prevalent threat in the wild at the moment - variants of Necurs were reported on 83,427 unique machines during the month of November 2012.
Necurs is mostly distributed by drive-by download. This means that you might be silently infected by Necurs when you visit websites that have been compromised by exploit kits such as Blackhole.
So what does Necurs actually do? At a high level, it enables further compromise by providing the functionality to:
Download additional malware...

Recently, we’ve seen similar activities being performed by different malware that monitor online Korean applications. Mostly, the applications they monitor are card games, such as those in Figure 1.
Figure 1: Examples of online Korean games that are being monitored. (Source: http://www.hangame.com)
The following applications are monitored if found running on the system:
LASPOKER.EXE
highlow2.exe
baduki.exe
duelpoker.exe
HOOLA3.exe
poker7.exe
FRN.exe
...

In my previous blog "Fake apps and the lure of alternative sources," I discussed a fraudulent scheme that takes advantage of known, legitimate and free applications. Unlike rogues and ransomware which use threats and force to influence their victims, the social engineering techniques employed by a fake installer are less aggressive yet, interestingly, more deceptive.
This technique is widely used in the Win32/Pameseg family – our detection for a family of "paid archives" that present as...

Win32/Weelsof is part of a large malware family called ransomware, which is different from your traditional trojans and worms. Ransomware’s main goal is to financially benefit from every infected user and force them to pay.
We included Win32/Weelsof in our November release of the Malicious Software Removal Tool.
Malware entry point
The user can be infected by this malware by visiting a compromised or malicious website. The website may have been compromised by exploits or injected...

Phdet is the family which has been added to the December 2012 release of the Malicious Software Removal Tool. Phdet is a family of backdoor trojans that have the ability to perform distributed denial of service (DDoS) attacks.
The bot can be found online, going by the formal name of "Black Energy".
The DDoS bot has existed for a number of years, with initial detections added in 2007.
An attacker can build and configure binaries to perform different actions, and can specify the frequency...

Some users of Microsoft antimalware products have reported a performance issue with signature definition versions starting with 1.141.2400.0 (12/21/2012 1920 UTC).
The current definition files, since 1.141.2639.0 (12/27/2012 0625 UTC), resolve this issue. If you have a signature set in the affected range, please update to the current definition files.
Shannon Sabens, MMPC